Email has been around since the 1970s. Today, everyone and every business uses email for their communications. To put things in perspective, according to Radicati group – 122 business emails were sent and received per user per day in 2015! That is a lot of email for humans to process without making a bad judgement call. It has also become the vector of choice for threat actors to initiate advanced phishing campaigns.

Spam emails were the first form of email borne threats and the first documented email spam attack happened in 1996. Spam was unwanted mail that clogged up people’s inboxes. Malware was sent using spam emails to try to get confidential information or exfiltrate data. Spam was been seen as more of an annoyance.

Over the years, email-borne threats have transitioned to disruption of businesses and services. Today the attacks are more sophisticated and targeted, resulting in financial and reputation loss. It has become easy for hackers to monetize their attacks using zero-day malware, which is available on the dark web marketplace. Attacks such as ransomware and spear-phishing have a direct impact on an organization’s bottom line.

Threat actors used phishing tactics and sent mass email campaigns to try to dupe unsuspecting victims. These were mass email campaigns with a low success rate. Today, attackers carry out targeted and focused tactical email campaigns as part of a spear phishing attack. Social engineering plays a big part in phishing campaigns today.

Reports indicate that phishing campaigns now use ransomware and zero-day malware is the next evolution in phishing. According to the 2017 SonicWall Threat Report the most popular payload for malicious email campaigns in 2016 was ransomware, and the trend is expected to continue throughout 2017.

The top email-borne threats today are – ransomware, spear phishing and whaling or business email compromise.

Ransomware

Ransomware is a type of malware (usually zero-day on unknown) that is designed to encrypt data and block access to a computer system until a sum of money is paid.

According to a study conducted by SANS Institute, Ransomware delivered through phishing emails has emerged as the most identified type of attack for those organizations that had experienced a breach. This is in line with the findings of the 2017 SonicWall Threat Report, in which ransomware was found to be the payload of choice for malicious email campaigns.

Another study conducted by that Osterman research group shows that nearly one-half of companies in North America were a victim of ransomware in the last 12 months. And no surprises here, as nearly 60% of ransomware was delivered through emails either using malicious links or malware-ridden attachments.

Ransomware is quickly becoming an epidemic for organizations worldwide.

According to SANS 2016 Threat Landscape Survey, spear phishing and whaling are significant forms of attacks reported. Another survey by Cloudmark estimates that the cost of a spear phishing attack is 1.6M and 73% of companies acknowledge that spear phishing poses a significant threat.

Business Email Compromise (BEC)

BEC emails spoof trusted domains and imitate brands and corporate identities. In many cases, the emails appear from a legitimate trusted sender or from the company CEO typically asking for wire transfer of money.

According to the FBI – BEC is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.

This is a very real and a growing issue. The FBI has put up a public service announcement saying that BEC is a 3.1 billion dollar problem. Even the IRS has recently put up a notice on its website to educate people regarding this form of threat.

Today’s advanced threats require a new set of email security features in addition to the traditional capabilities. A multi-layered email security solution ensures protection to protect business communications. Businesses need a next-generation email security solution that offers comprehensive threat prevention capabilities.

Ganesh has over 8 years of experience working in the technology industry. His previous roles include Product Management and Marketing consultant for fortune 500 companies. He has also worked in various capacities ranging from a software engineer to a IT consultant.

Ganesh holds an MBA from University of Washington, Seattle and a bachelor’s degree in electronics & instrumentation engineering from India.

Don’t Be Fooled by the Calm After the WannaCry Chaos: Continuously Toughen Your Security

Capturing the World’s Latest Malware so You Can Fear Less

Ransomware: Are You Protected From the Next Outbreak?

2 comments

Leia

August 5, 2017 at 1:37 PM

Hi everyone! Excellent piece of writing! I like which you
explained Evolution of Email Threats: The Rise of Ransomware, Spear Phishing and Whaling Attacks.

Awesome article and also incredible paper! No doubt that a particular editor is going to be educated and also a large knowledge of
composing.
Relating to my vision, Simply put i don’t similarly to building and yes it even doesn’t produce any other total
satisfaction as well as other favourable weather expertise.

On The Other Hand ought of do this key fact or perhaps even I’ll lose out my
very own piece of research .
My Spouse And I love to commodity the hyperlink for the website
page Marlene that helps us a very good having my brand new writing drawbacks.Many I chose use articles professional services.
To find trusty manufacturers I take advantage of this
website uk essay writing reviews where there are much of a amount of in-depth critiques to
do with different on-line drafting brands